Blue Coat Web Application Reverse Proxy

Features:

Blue Coat Web Application Protections is a subscription-based offering that supplements the services available in Blue Coat’s ProxySG Web Application Reverse Proxy (WARP). An integral part of the Trusted Applications Center product family, Web Application Protections makes it easier and more efficient to set policy and protections around enterprise applications offered to employees, vendors and customers. Many companies today use Blue Coat ProxySG to protect, secure and accelerate their enterprise applications in a reverse proxy configuration in front of consumer and employee facing web applications.

Geo-IP

The first feature available with the Web Application Protections subscription, Geo-IP enables administrators to set policy based on the geographic location of the end user accessing the enterprise website. It allows country-specific locations to be used in policy for regulatory, corporate or compliance needs, or for help with troubleshooting policy.

Geo-IP allows customers to identify the country location of a specific client IP of traffic coming to a ProxySG. The Geo-IP database is automatically updated to reflect changes in locations of IP addresses.

Geo-IP does require that the real IP address of the client be delivered via the HTTP request header.

Application Protection Subscription

The Application Protection Subscription is part of the Web Application Protections license and offers a subscription to updates for SQL injection and other malicious signatures. Protection from these signatures is provided through the ProxySG policy engine configurable via the Visual Policy Manager (VPM). Administrators can have patterns automatically enforced, or manually enforce after administrator review.

With the introduction of Application Protections, a new VPM layer and several new objects have been added to the Visual Policy Manager to protect content servers using the Web Application Reverse Proxy.

The Application Protections feature scans incoming request data for malicious data patterns and applies a risk score to the request. Using the risk score from the web application protection scan, the ProxySG can take action (ICAP scan, deny, log, redirect, etc.) on the request.

Why ProxySG for Web Application Reverse Proxy Deployments?

Web-based applications are being implemented for nearly every aspect of business operations, and increasingly for trusted environments as well as untrusted (public web) environments. As a result, growing security concerns, sluggish performance, and increasing complexity are straining existing web server infrastructures. Web servers are also increasingly the primary source for malware delivery networks, hosting malware and putting users, resources and reputations at risk. Growing privacy concerns are increasing use of SSL, user identification and full authentication, which places new demands on web infrastructure. To secure and accelerate trusted and untrusted environments, organizations turn to Blue Coat Proxy SG for protection with its Web Application Reverse Proxy.

With ProxySG Web Application Reverse Proxy you can:

• Accelerate delivery of web applications and content through integrated caching, stream splitting, bandwidth controls, threat analysis of inbound and outbound web content, and a flexible policy language with unmatched user authentication options.
• Analyze and scan inbound executable files and other attachments for malware to protect your infrastructure from concealed and disguised attacks and threats. Now you can protect web infrastructure by isolating origin servers from direct Internet access, and scale web farms by off-loading user authentication, SSL tunnels and web content optimization.
• Perform health checks for HTTP, HTTPS, TCP, ICAP and ICMP to monitor web content servers and proxy related devices to alert administrators – including strict HTTP/HTML protocol validation from the server and client. As a result you can secure user access to web applications by using ProxySG as an SSL termination point with re-encryption to web servers, or a man-in-the-middle (MITM) configuration. ProxySG provides both server and client-side certificate support, with web services encryption/decryption and digital signature verification.

Requirements

• Blue Coat ProxySG with Proxy edition or Blue Coat SWG Virtual Appliance (SWG Edition). MACH5 editions are not supported.
• Web Application Protections License – available as a yearly subscription per appliance SKU.
• Geo-IP requires a minimum of SGOS 6.5.1 and Application Protection requires a minimum of SGOS 6.5.3.

Documentation:

Download the Blue Coat Web Application Reverse Proxy Datasheet (PDF).